PHP serendipity_session_destroy Exemples

Langage de programmation: PHP

Méthode/Fonction: serendipity_session_destroy

Exemples au hotexamples.com: 2

PHP serendipity_session_destroy - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de serendipity_session_destroy extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Associées

WorkflowStepTransitions

course_outline

epl_get_att_count

ThemeHouse_RedirectRules_Listener_TemplatePostRender

HW_Templates_Metabox

SBP_GoogleLibraries

BootException

ComposerAutoloaderInit6e55b3b5ae126a14e2bd04aeaffc3dce

OficinaDAO

MockContent

Related in langs

HocLucData (C#)

DataTable (C#)

get_vlc2 (C++)

find_inferior_id (C++)

All (Go)

memcached_behavior_t (Go)

HardSoftLongScore (Java)

ImageLoader (Java)

cleanTitle (Python)

BitVector (Python)

Exemple #1

0

Afficher le fichier

Fichier : serendipity_admin.php Projet : smoeding/Serendipity

if (IS_installed === false) { require_once S9Y_INCLUDE_PATH . 'include/functions.inc.php'; } else { if (defined('IS_up2date') && IS_up2date === true) { serendipity_plugin_api::hook_event('backend_configure', $serendipity); } } if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') { serendipity_logout(); header("Location: " . $serendipity['baseURL']); } else { if (IS_installed === true) { /* Check author token to insure session not hijacked */ if (!isset($_SESSION['author_token']) || !isset($serendipity['COOKIE']['author_token']) || $_SESSION['author_token'] !== $serendipity['COOKIE']['author_token']) { $_SESSION['serendipityAuthedUser'] = false; serendipity_session_destroy(); } if (!serendipity_userLoggedIn()) { // Try again to log in, this time with enabled external authentication event hook serendipity_login(true); } } } // If we are inside an iframe, halt the script if (serendipity_is_iframe() !== false) { include_once S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php'; // An iframe may NOT contain <html> and </html> tags, that's why we emit different headers here than on serendipity_admin.php // We need to restore GET/POST variables to that depending plugins inside the iframe // can still fetch all that variables; and we also tighten security by not allowing // to pass any different GET/POST variables to our iframe. $iframe_mode = $serendipity['GET']['iframe_mode'];

Exemple #2

0

Afficher le fichier

Fichier : functions_config.inc.php Projet : beealone/Serendipity

/** * Perform user authentication routine * * If a user is already authenticated via session data, this bypasses some routines. * After a user has ben authenticated, several SESSION variables ar set. * If the authentication fails, the session is destroyed. * * @access public * @param string The username to check * @param string The password to check (may contain plaintext or MD5 hash) * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE). * @param boolean Indicates whether to query external plugins for authentication * @return boolean True on success, False on error */ function serendipity_authenticate_author($username = '', $password = '', $is_hashed = false, $use_external = true) { global $serendipity; static $debug = false; static $debugc = 0; if ($debug) { $fp = fopen('login.log', 'a'); flock($fp, LOCK_EX); $debugc++; fwrite($fp, date('Y-m-d H:i') . ' - #' . $debugc . ' Login init [' . $username . ',' . $password . ',' . (int) $is_hashed . ',' . (int) $use_external . ']' . ' (' . $_SERVER['REMOTE_ADDR'] . ',' . $_SERVER['REQUEST_URI'] . ', ' . session_id() . ')' . "\n"); } if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) { $username = $_SESSION['serendipityUser']; $password = $_SESSION['serendipityPassword']; // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata #$is_hashed = true; if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - Recall from session: ' . $username . ':' . $password . "\n"); } } if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - Login ext check' . "\n"); } $is_authenticated = false; serendipity_plugin_api::hook_event('backend_login', $is_authenticated, NULL); if ($is_authenticated) { return true; } if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - Login username check:' . $username . "\n"); } if ($username != '') { if ($use_external) { serendipity_plugin_api::hook_event('backend_auth', $is_hashed, array('username' => $username, 'password' => $password)); } $query = "SELECT DISTINCT\n email, password, realname, authorid, userlevel, right_publish, hashtype\n FROM\n {$serendipity['dbPrefix']}authors\n WHERE\n username = '******'"; if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - Login check (' . serialize($is_hashed) . ', ' . $_SESSION['serendipityPassword'] . '):' . $query . "\n"); } $rows =& serendipity_db_query($query, false, 'assoc'); if (is_array($rows)) { foreach ($rows as $row) { if ($is_valid_user) { continue; } $is_valid_user = false; // Old MD5 hashing routine. Will convert user. if (empty($row['hashtype']) || $row['hashtype'] == 0) { if (isset($serendipity['hashkey']) && time() - $serendipity['hashkey'] >= 15768000) { die('You can no longer login with an old-style MD5 hash to prevent MD5-Hostage abuse. Please ask the Administrator to set you a new password.'); } if ($is_hashed === false && (string) $row['password'] === (string) md5($password) || $is_hashed !== false && (string) $row['password'] === (string) $password) { serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors\n SET password = '******',\n hashtype = 1\n WHERE authorid = '" . $row['authorid'] . "'"); if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - Migrated user:'******'username'] . "\n"); } $is_valid_user = true; } else { continue; } } else { if ($is_hashed === false && (string) $row['password'] === (string) serendipity_hash($password) || $is_hashed !== false && (string) $row['password'] === (string) $password) { $is_valid_user = true; if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - Validated ' . $row['password'] . ' == ' . ($is_hashed === false ? 'unhash:' . serendipity_hash($password) : 'hash:' . $password) . "\n"); } } else { if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - INValidated ' . $row['password'] . ' == ' . ($is_hashed === false ? 'unhash:' . serendipity_hash($password) : 'hash:' . $password) . "\n"); } continue; } } // This code is only reached, if the password before is valid. if ($is_valid_user) { if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' [sid:' . session_id() . '] - Success.' . "\n"); } serendipity_setCookie('old_session', session_id(), false); if (!$is_hashed) { serendipity_setAuthorToken(); $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password; } $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username; $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $row['realname']; $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email']; $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid']; $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel']; $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true; $_SESSION['serendipityRightPublish'] = $serendipity['serendipityRightPublish'] = $row['right_publish']; $_SESSION['serendipityHashType'] = $serendipity['serendipityHashType'] = $row['hashtype']; serendipity_load_configuration($serendipity['authorid']); serendipity_setCookie('userDefLang', $serendipity['lang'], false); return true; } } } // Only reached, when proper login did not yet return true. if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' - FAIL.' . "\n"); } $_SESSION['serendipityAuthedUser'] = false; serendipity_session_destroy(); } if ($debug) { fwrite($fp, date('Y-m-d H:i') . ' [sid:' . session_id() . '] - Uninit' . "\n"); fclose($fp); } return false; }